SID 3007
Msg
"IMAP delete overflow attempt"
Summary
This event is generated when an attempt is made to exploit a buffer overflow associated with the DELETE command of the IPSwitch IMail IMAP service.
Classtype
misc-attack
Impact
A successful attack may cause a denial of service or a buffer overflow and the subsequent execution of arbitrary code on a vulnerable server.
Detailed Information
A vulnerability exists in the way that the IPSwitch IMail IMAP service handles a DELETE command. An excessively long user-supplied mailbox name to be deleted can trigger a denial of service or a buffer overflow and the subsequent execution of arbitrary code on a vulnerable server.
Affected Systems
- IPSwitch IMail IMAP4 server 8.13
Attack Scenarios
An attacker can supply an overly long mailbox name for deletion, possibly causing denial of service or a buffer overflow.
Ease Of Attack
Simple.
False Positives
None known.
False Negatives
None known.
Corrective Action
Upgrade to the latest non-affected version of the software.
Contributors
- Sourcefire Vulnerability Research Team
- Judy Novak
